CLSA-2021:1638803819

[CLSA-2021:1638803819] Fixed 56 CVEs in binutils

Type:

security

Severity:

Moderate

Release date:

2021-12-06

Description:

- CVE-2017-7223: Fix global buffer overflow (of size 1)
- CVE-2017-7224: Fix invalid write (of size 1) while disassembling
- CVE-2017-7225: Fix NULL pointer dereference and an invalid write
- CVE-2017-7226: Fix heap-based buffer over-read of size 4049
- CVE-2017-7227: Fix heap-based buffer overflow
- CVE-2017-7299: Fix invalid read (of size 8) in ELF reloc section
- CVE-2017-7300: Fix heap-based buffer over-read (off-by-one)
- CVE-2017-7301: Fix off-by-one vulnerability
- CVE-2017-7302: Fix invalid read (of size 4)
- CVE-2017-7614: Fix undefined behavior issue
- CVE-2017-8393: Fix global buffer over-read error
- CVE-2017-8394: Fix invalid read of size 4 due to NULL pointer dereferencing
- CVE-2017-8398: Fix invalid read of size 1 during dumping of debug information
- CVE-2017-8421: Fix memory leak vulnerability
- CVE-2017-9742: Fix buffer overflow
- CVE-2017-9744: Fix buffer overflow
- CVE-2017-9747: Fix buffer overflow
- CVE-2017-9748: Fix buffer overflow
- CVE-2017-9749: Fix buffer overflow
- CVE-2017-9753: Fix buffer overflow
- CVE-2017-9754: Fix buffer overflow
- CVE-2017-12448: Fix use after free
- CVE-2017-12449: Fix out of bounds heap read
- CVE-2017-12455: Fix out of bounds heap read
- CVE-2017-12457: Fix NULL dereference
- CVE-2017-12458: Fix out of bounds heap read
- CVE-2017-12459: Fix out of bounds heap write
- CVE-2017-12450: Fix out of bounds heap write
- CVE-2017-12452: Fix out of bounds heap read
- CVE-2017-12453: Fix out of bounds heap read
- CVE-2017-12454: Fix arbitrary memory read
- CVE-2017-12456: Fix out of bounds heap read
- CVE-2017-14333: Fix integer overflow, and hang because of a time-consuming loop
- CVE-2017-12451: Fix out of bounds stack read
- CVE-2017-12799: Fix buffer overflow
- CVE-2017-13710: Fix NULL pointer dereference
- CVE-2017-14130: Fix _bfd_elf_attr_strdup heap-based buffer over-read
- CVE-2017-14932: Fix infinite loop
- CVE-2017-14938: Fix excessive memory allocation
- CVE-2017-14940: Fix NULL pointer dereference
- CVE-2017-15020: Fix parse_die heap-based buffer over-read
- CVE-2017-15022: Fix bfd_hash_hash NULL pointer dereference
- CVE-2017-15225: Fix divide-by-zero error
- CVE-2017-15938: Fix find_abstract_instance_name invalid memory read, segmentation fault
- CVE-2017-15939: Fix NULL pointer dereference
- CVE-2017-15996: Fix buffer overflow on fuzzed archive header
- CVE-2017-16826: Fix invalid memory access
- CVE-2017-16827: slurp_symtab invalid free
- CVE-2017-16828: Fix integer overflow and heap-based buffer over-read
- CVE-2017-16831: Fix integer overflow or excessive memory allocation
- CVE-2017-17080: Fix bfd_getl32 heap-based buffer over-read
- CVE-2017-8396: Fix invalid read of size 1
- CVE-2017-17121: Fix memory access violation
- CVE-2017-17123: Fix NULL pointer dereference
- CVE-2017-17124: Fix excessive memory consumption or heap-based buffer overflow
- CVE-2017-17125: Fix buffer over-read

Updated packages:

binutils-devel-2.20.51.0.2-5.48.1.el6.tuxcare.els2.x86_64.rpm
sha:50571ee30bea40584f82d6dc53cdb6c7c6f86039
binutils-2.20.51.0.2-5.48.1.el6.tuxcare.els2.x86_64.rpm
sha:b3c0bfb07f4809161a82b942c3eb13670238d6d7
binutils-devel-2.20.51.0.2-5.48.1.el6.tuxcare.els2.i686.rpm
sha:f1446d4c1e63f44d3b1342a8449bf6a8548676ad

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.